Apache / PHP Hardening

Apache compared to many other web servers has pretty good security by default however you may want to add some extra security to it by changing some of the default settings. For this example I will be using my favorite OS LinuxMint and version 13 and customizing the apache and php configurations to give a little tighter security

Change PHP Configuration File

sudo gedit /etc/php5/apache2/php.ini

When the text editor opens you will see many lines of configuration. go through the file and where you see the following variables replace them. If you do not have some of them feel free to add them to your configuration

disable_functions = exec,system,shell_exec,passthru register_globals = Off expose_php = Off display_errors = Off track_errors = Off html_errors = Off magic_quotes_gpc = Off

Restrict Information Apache Gives Out

By default apache on error pages and such will display the OS / build etc, this can be used by a hacker to look up vulerabilities in your OS / version of apache. The following lessens what apache tells on those pages.

Change Apache Configuration File

sudo gedit /etc/apache2/conf.d/security

When the text editor opens you will see many lines of configuration. go through the file and where you see the following variables replace them. If you do not have some of them feel free to add them to your configuration

ServerTokens Prod ServerSignature Off TraceEnable Off Header unset ETag FileETag None

Comit File Changes

Your edits will not take effect until apache gets restarted

sudo /etc/init.d/apache2 restart